
package com.anilallewar.microservices.auth.integration;

import com.anilallewar.microservices.auth.common.CacheConstants;
import com.anilallewar.microservices.auth.common.code.WebUtils;
import com.anilallewar.microservices.auth.integration.authenticator.IntegrationAuthenticator;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Map;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang.StringUtils;
import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.GenericFilterBean;

/**
 * The type Integration authentication filter.
 *
 * @author LIQIU
 * @since 2018-3-30
 */
@Component
public class IntegrationAuthenticationFilter extends GenericFilterBean implements ApplicationContextAware {

    private static final String AUTH_TYPE_PARM_NAME = "auth_type";

    private static final String OAUTH_TOKEN_URL = "/oauth/token";

    private Collection<IntegrationAuthenticator> authenticators;

    private ApplicationContext applicationContext;

    private RequestMatcher requestMatcher;

    /**
     * Instantiates a new Integration authentication filter.
     */
    public IntegrationAuthenticationFilter() {
        this.requestMatcher = new OrRequestMatcher(new AntPathRequestMatcher(OAUTH_TOKEN_URL, "GET"),
                new AntPathRequestMatcher(OAUTH_TOKEN_URL, "POST"));
    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {

        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        if (requestMatcher.matches(request)) {
            // 设置集成登录信息
            IntegrationAuthentication integrationAuthentication = new IntegrationAuthentication();
            integrationAuthentication.setAuthType(request.getParameter(AUTH_TYPE_PARM_NAME));
            integrationAuthentication.setAuthParameters(request.getParameterMap());

            // 统一先获取clientInfo，放到 integrationAuthentication，之后各个 authenticator 需要时可引用
            // HttpServletRequest request = (HttpServletRequest) servletRequest;
            String[] clientInfos = WebUtils.getClientId(request);
            integrationAuthentication.setClient(clientInfos[0]);
            String machineId = integrationAuthentication.getAuthParameter(CacheConstants.MACHINE_ID);
            if (StringUtils.isNotBlank(machineId)) {
                integrationAuthentication.setMachineIdHash(DigestUtils.md5Hex(machineId));
            }

            IntegrationAuthenticationContext.set(integrationAuthentication);
            try {
                // 预处理
                this.prepare(integrationAuthentication, servletRequest);

                filterChain.doFilter(request, response);

                // 后置处理
                this.complete(integrationAuthentication);
            } finally {
                IntegrationAuthenticationContext.clear();
            }
        } else {
            filterChain.doFilter(request, response);
        }
    }

    /**
     * 进行预处理
     *
     * @param integrationAuthentication 集成认证信息
     * @param servletRequest 请求信息
     */
    private void prepare(IntegrationAuthentication integrationAuthentication, ServletRequest servletRequest) {

        // 延迟加载认证器
        if (this.authenticators == null) {
            synchronized (this) {
                Map<String, IntegrationAuthenticator> integrationAuthenticatorMap =
                        applicationContext.getBeansOfType(IntegrationAuthenticator.class);
                if (integrationAuthenticatorMap != null) {
                    this.authenticators = integrationAuthenticatorMap.values();
                }
            }
        }

        if (this.authenticators == null) {
            this.authenticators = new ArrayList<>();
        }

        // // 统一先获取clientInfo，放到 integrationAuthentication，之后各个 authenticator 需要时可引用
        // HttpServletRequest request = (HttpServletRequest) servletRequest;
        // String[] clientInfos = WebUtils.getClientId(request);
        // integrationAuthentication.setClient(clientInfos[0]);
        for (IntegrationAuthenticator authenticator : authenticators) {
            if (authenticator.support(integrationAuthentication)) {
                authenticator.prepare(integrationAuthentication, servletRequest);
            }
        }
    }

    /**
     * 后置处理
     *
     * @param integrationAuthentication 集成认证信息
     */
    private void complete(IntegrationAuthentication integrationAuthentication) {
        for (IntegrationAuthenticator authenticator : authenticators) {
            if (authenticator.support(integrationAuthentication)) {
                authenticator.complete(integrationAuthentication);
            }
        }
    }

    @Override
    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
        this.applicationContext = applicationContext;
    }
}
